public inbox for libc-hacker@sourceware.org
 help / color / mirror / Atom feed
* [PATCH] Fix __printf_fp
@ 2004-03-24 15:31 Jakub Jelinek
  2004-03-26  9:23 ` Ulrich Drepper
  0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2004-03-24 15:31 UTC (permalink / raw)
  To: Ulrich Drepper; +Cc: Glibc hackers

Hi!

For IEEE quad long double with BITS_PER_MP_LIMB 32, mantissa takes exactly
4 limbs.  Until now any mantissa took at most 2 limbs (either IEEE extended
long double on 32-bit arch or IEEE quad on 64-bit arch) and bignum_size
reserved at least twice as many limbs for extra operations (e.g. it
does frac[fracsize++] = cy; in certain cases etc.).
Without this printf with certain numbers results in buffer overflows.

2004-03-24  Jakub Jelinek  <jakub@redhat.com>

	* stdio-common/printf_fp.c (__printf_fp): For IEEE quad long double
	on 32-bit architectures reserve 8 limbs instead of 4.

--- libc/stdio-common/printf_fp.c.jj	2004-03-23 12:28:47.000000000 -0500
+++ libc/stdio-common/printf_fp.c	2004-03-24 11:01:38.000000000 -0500
@@ -431,7 +431,9 @@ __printf_fp (FILE *fp,
      would be really big it could lead to memory problems.  */
   {
     mp_size_t bignum_size = ((ABS (exponent) + BITS_PER_MP_LIMB - 1)
-			     / BITS_PER_MP_LIMB + 4) * sizeof (mp_limb_t);
+			     / BITS_PER_MP_LIMB
+			     + (LDBL_MANT_DIG / BITS_PER_MP_LIMB > 2 ? 8 : 4))
+			    * sizeof (mp_limb_t);
     frac = (mp_limb_t *) alloca (bignum_size);
     tmp = (mp_limb_t *) alloca (bignum_size);
     scale = (mp_limb_t *) alloca (bignum_size);

	Jakub

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PATCH] Fix __printf_fp
  2004-03-24 15:31 [PATCH] Fix __printf_fp Jakub Jelinek
@ 2004-03-26  9:23 ` Ulrich Drepper
  0 siblings, 0 replies; 2+ messages in thread
From: Ulrich Drepper @ 2004-03-26  9:23 UTC (permalink / raw)
  To: Jakub Jelinek; +Cc: Glibc hackers

Applied.

-- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-03-24 21:52 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-03-24 15:31 [PATCH] Fix __printf_fp Jakub Jelinek
2004-03-26  9:23 ` Ulrich Drepper

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).